AGENCY:
Federal Aviation Administration (FAA), DOT.
ACTION:
Notice of proposed rulemaking (NPRM).
SUMMARY:
This action would require each certificate holder to establish a safety management system (SMS) for its entire airfield environment (including movement and non-movement areas) to improve safety at airports hosting air carrier operations. An SMS is a formalized approach to managing safety by developing an organization-wide safety policy, developing formal methods of identifying hazards, analyzing and mitigating risk, developing methods for ensuring continuous safety improvement, and creating organization-wide safety promotion strategies. When systematically applied in an SMS, these activities provide a set of decision-making tools that airport management can use to improve safety. This proposal would require a certificate holder to submit an implementation plan and implement an SMS within timeframes commensurate with its class of Airport Operating Certificate (AOC).
DATES:
Send your comments on or before January 5, 2011.
ADDRESSES:
You may send comments identified by Docket Number FAA-2010-0997 using any of the following methods:
- Federal eRulemaking Portal: Go to http://www.regulations.gov and follow the online instructions for sending your comments electronically.
- Mail: Send Comments to Docket Operations, M-30; U.S. Department of Transportation, 1200 New Jersey Avenue, SE., West Building Ground Floor, Room W12-140, West Building Ground Floor, Washington, DC 20590-0001.
- Hand Delivery: Take comments to Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays.
- Fax: (202) 493-2251.
For more information on the rulemaking process, see the SUPPLEMENTARY INFORMATION section of this document.
Privacy: We will post all comments we receive, without change, to http://www.regulations.gov,, including any personal information you provide. Using the search function of our docket web site, anyone can find and read the comments received into any of our dockets, including the name of the individual sending the comment (or signing the comment for an association, business, labor union, etc.). You may review DOT's complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477-78) or you may visit http://DocketsInfo.dot.gov.
Docket: To read background documents or comments received, go to http://www.regulations.gov at any time and follow the online instructions for accessing the docket or go to Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays.
FOR FURTHER INFORMATION CONTACT:
For technical questions concerning this proposed rule, contact Keri Spencer, Office of Airports Safety and Standards, Airports Safety and Operations Division, Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267-8972; fax (202) 493-1416; e-mail keri.spencer@faa.gov. For legal questions, contact Robert Hawks, Office of the Chief Counsel, Regulations Division, Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267-7143; fax (202) 267-7971; e-mail: rob.hawks@faa.gov.
SUPPLEMENTARY INFORMATION:
Later in this preamble under the Additional Information section, we discuss how you can comment on this proposal and how we will handle your comments. Included in this discussion is related information about the docket, privacy, and the handling of proprietary or confidential business information. We also discuss how you can get a copy of this proposal and related rulemaking documents.
Authority for This Rulemaking
The FAA's authority to issue rules regarding aviation safety is found in Title 49 of the United States Code. Subtitle I, section 106 describes the authority of the FAA Administrator. Subtitle VII, Aviation Programs, describes in more detail the scope of the agency's authority.
The FAA is issuing this rulemaking under the authority described in subtitle VII, part A, subpart III, section 44706, “Airport operating certificates.” Under that section, Congress charges the FAA with issuing airport operating certificates that contain terms that the Administrator finds necessary to ensure safety in air transportation. This proposed rule is within the scope of that authority because it requires all holders of an airport operating certificate to develop, implement, and maintain an SMS. The development and implementation of an SMS ensures safety in air transportation by assisting airports in proactively identifying and mitigating safety hazards.
Background
The FAA is committed to continuously improving safety in air transportation. As the demand for air transportation increases, the impacts of additional air traffic and surface operations, changes in air traffic procedures, and airport construction can heighten the risks of aircraft operations. While the FAA's use of prescriptive regulations and technical operating standards has been effective, such regulations may leave gaps best addressed through improved management practices. As the certificate holder best understands its own operating environment, it is in the best position to address many of its own safety issues. While the FAA would still conduct regular inspections, SMS's proactive emphasis on hazard identification and mitigation, and on communication of safety issues, provides certificate holders robust tools to improve safety.
The International Civil Aviation Organization (ICAO) defines SMS as a “systematic approach to managing safety, including the necessary organizational structures, accountabilities, policies, and procedures.” In 2001, ICAO adopted a standard in Annex 14 that all member states establish SMS requirements for airport operators. The FAA supports conformity of U.S. aviation safety regulations with ICAO standards and recommended practices. The agency intends to meet the intent of the ICAO standard in a way that complements existing airport safety regulations in 14 CFR part 139. Additional information regarding these amendments, as well as ICAO's guidance on establishing an SMS framework, may be found at http://www.icao.int/anb/safetymanagement/.
See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859-AN/474 (2nd ed. 2009).
Safety Management System Components
An SMS provides an organization's management with a set of decision-making tools that can be used to plan, organize, direct, and control its business activities in a manner that enhances safety and ensures compliance with regulatory standards. These tools are similar to those management already uses to make production or operations decisions. An SMS has four key components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. Definitions of these are as follows and further detailed in the proposal discussion.
Safety Policy. Safety Policy provides the foundation or framework for the SMS. It outlines the methods and tools for achieving desired safety outcomes. Safety Policy also details management's responsibility and accountability for safety.
Safety Risk Management (SRM). As a core activity of SMS, SRM uses a set of standard processes to proactively identify hazards, analyze and assess potential risks, and design appropriate risk mitigation strategies.
Safety Assurance. Safety Assurance is a set of processes that monitor the organization's performance in meeting its current safety standards and objectives as well as contribute to continuous safety improvement. Safety Assurance processes include information acquisition, analysis, system assessment, and development of preventive or corrective actions for nonconformance.
Safety Promotion. Safety Promotion includes processes and procedures used to create an environment where safety objectives can be achieved. Safety promotion is essential to create an organization's positive safety culture. Safety culture is characterized by knowledge and understanding of an organization's SMS, effective communications, competency in job responsibilities, ongoing training, and information sharing. Safety Promotion elements include training programs, communication of critical safety issues, and confidential reporting systems.
National Transportation Safety Board Recommendations
The National Transportation Safety Board (NTSB) first recommended safety management systems for the maritime industry in 1997. Since then, a number of NTSB investigations have cited organizational factors contributing to accidents and have recommended SMS as a way to prevent future accidents and improve safety. The NTSB first offered an SMS recommendation to the FAA after its investigation of the October 14, 2004, accident of Pinnacle Airlines Flight 3701.
Pinnacle Airlines Flight 3701 was on a repositioning flight between Little Rock National Airport and Minneapolis-St. Paul International Airport when both engines flamed out after a pilot-induced aerodynamic stall. The pilots were unable to regain control, and the aircraft crashed in a residential area south of Jefferson City, Missouri. The NTSB's investigation revealed “the accident was the result of poorly performing pilots who intentionally deviated from standard operating procedures and basic airmanship.” The NTSB further stated “operators have the responsibility for a flight crew's cockpit discipline and adherence to standard operating procedures” and offered an SMS as a means to help air carriers ensure safety. The NTSB formally recommended the FAA “require all 14 CFR part 121 operators establish Safety Management System programs.”
NTSB Accident Report AAR-07/01, “Crash of Pinnacle Airlines Flight 3701 Bombardier CL-600-2B19, N8396A, Jefferson City, Missouri, October 14, 2004,” at 53 (Jan. 9, 2007) .
Id. at 61.
Id. at 75 ; see also NTSB Safety Recommendation Letter (Jan. 23, 2007) (NTSB Recommendation A-07-10).
Three years after the Pinnacle Airlines accident, the NTSB investigated the in-flight fire, emergency descent, and crash of a Cessna 310R in Sanford, Florida, and issued another SMS recommendation. The NTSB determined the probable causes of the accident “were the actions and decisions by NASCAR's corporate aviation division's management and maintenance personnel to allow the accident airplane to be released for flight with a known and unresolved discrepancy, and the accident pilots' decision to operate the airplane with that known discrepancy.” As in the Pinnacle Airlines accident, the NASCAR pilot and aviation organization failed to follow standard operating procedures (SOPs). The NTSB stated “an effective SMS program formalizes a company's SOPs and establishes methods for ensuring that those SOPs are followed.” The NTSB recommended the FAA “develop a safety alert for operators encouraging all 14 CFR part 91 business operators to adopt SMS programs that include sound risk management practices.”
NTSB Accident Report AAR-09/01, “In-flight Fire, Emergency Descent and Crash in a Residential Area Cessna 310R, N501N, Sanford, Florida, July 10, 2007,” at iv (Jan. 28, 2009).
Id. at 19.
Id. at 25; see also NTSB Safety Recommendation Letter (Feb. 18, 2009) (NTSB Recommendation A-09-16).
While the NTSB has not formally recommended the FAA require an SMS for certificated airports, the FAA has concluded those same organizational factors apply to all regulated sectors of the aviation industry. Airports operate in similar environments as air carriers and business flight operators where adherence to standard operating procedures, proactive identification, mitigation of hazards and risks, and effective communications are crucial to continued operational safety. Accordingly, certificated airports could realize similar SMS benefits as an aircraft operator. The FAA envisions an SMS would provide an airport with an added layer of safety to help reduce the number of near-misses, incidents, and accidents. An SMS also would ensure that all levels of airport management understand safety implications of airfield operations.
FAA SMS Pilot Studies and Research Projects
The FAA initiated a number of collaborative efforts studying SMS application at U.S. certificated airports. These efforts included developing advisory guidance, researching airport SMS recommended practices, and conducting airport pilot studies.
Advisory Circulars and Research Studies
The FAA, on February 28, 2007, issued Advisory Circular (AC) 150/5200-37, Introduction to Safety Management Systems for Airport Operators. This AC provides an introduction to SMS and general guidelines for an airport SMS. While compliance with this AC is voluntary, numerous airports have used it in implementing their SMS.
The Airports Cooperative Research Program (ACRP) approved two projects to prepare guidance on airport SMS. In September 2007, MITRE Corporation published the first report, SMS for Airports Volume 1: Overview. This report describes SMS benefits, ICAO requirements, and SMS application at U.S. airports. The second project, ACRP's SMS for Airports Volume 2: Guidebook, was completed in October 2009 and provides practical guidance on development and implementation of an airport SMS.
The Transportation Research Board (TRB) manages ACRP.
Pilot Studies
Beginning in April 2007, the FAA conducted a pilot study to evaluate SMS development at certificated airports of varying size and complexity. The study also compared current part 139 requirements and typical SMS requirements.
The first round of pilot studies included over 20 airports. The FAA later established a second round of pilot studies on SMS development at smaller airports with a Class II, III, or IV AOC.
For definitions of classes of AOCs, see 14 CFR 139.5.
All participating airports conducted a gap analysis or benchmark study examining differences between their FAA-approved Airport Certification Manual (ACM), part 139 requirements, and a typical airport SMS. Using these results, the participating airports then developed a separate SMS Manual and Implementation Plan using AC 150/5200-37 and the FAA Airport SMS Pilot Study Participant's Guide. While pilot study airports were not required to implement an SMS, many chose to do so. As a result of these pilot studies, participating airports and the FAA made some key findings.
First, the FAA concluded that compliance with part 139 is essential to ensuring a safe and standardized airport system. However, part 139 compliance does not by itself sufficiently address the risk management, assurance, reporting, safety data management, communications, or training needs of modern airports. The FAA further concluded an SMS can help an airport achieve performance-based systems safety.
The gap analyses revealed that aspects of part 139 can serve as building blocks for an SMS. For example, at least one pilot study airport recognized its existing part 139 compliance program incorporated some SMS concepts. Additionally, the majority of participating airports have an organizational safety policy statement, but these statements may be informal or inadequate or focus on employee rather than on operational safety. The gap analysis also uncovered that less formal safety policies are often not effectively communicated to employees.
The majority of pilot study airports indicated an existing organizational structure to manage safety (such as a standing safety committee), but there is rarely one person with overall responsibility and authority for operational safety. Several airports admitted to relatively inactive safety committees. Second, several airports indicated they have safety risk management programs or policies in place (e.g., part 139 self-inspection program), but most described their hazard identification processes as reactive rather than proactive. These airports concluded their existing programs could be improved to meet the intent of the SMS SRM. While § 139.327 requires an airport to identify hazards or discrepancies during its self inspection, this requirement does not realize the potential of safety management through identifying and recording all safety hazards, conducting risk assessments, and developing mitigation strategies.
Some airports indicated they did not have adequate accident or incident reporting procedures. Still others with reporting procedures indicated the procedures lacked solid analytical techniques to identify airport hazards and uncover underlying safety issues.
Third, almost all pilot study airports indicated compliance with part 139 through some auditing system. However, most of these airports also indicated the audits are not carried out systematically to determine whether the airport is meeting safety goals and objectives. Few certificated airports indicated formal procedures to systematically review safety-related data. All pilot study airports have record-keeping and retrieval systems in place, but each indicated room for improvement. Improved systems would allow for trend and other data analysis to proactively identify operational hazards and potentially prevent future incidents or accidents.
Finally, almost all pilot study airports indicated they currently conduct safety training, but some indicated there is no organizational approach to safety training. Several airports indicated their informal safety communications do not properly disseminate information (such as risk management data) throughout the organization or to other stakeholders. In general, the airports acknowledged more formalized training and communications programs, such as those required under Safety Promotion, would be beneficial.
Benefits
The FAA has determined that an SMS requirement would improve safety at part 139 certificated airports. The FAA reached this conclusion based on detailed study of ICAO's Annex 14 requirements, review of NTSB's recommendations, and the airport SMS pilot studies. Airports should realize benefits from increased communication, training, and reporting. Some airports may realize financial benefits through reduced insurance costs associated with proactive hazard identification and safety risk analysis.
A properly functioning airport SMS would help an airport ensure:
- Individuals are trained on the safety implications of working on the airside of the airport;
- Proactive hazard identification and analysis systems are in place;
- Data analysis, tracking, and reporting systems are available for trend analysis and to gain lessons learned; and
- Timely communication of safety issues to all stakeholders.
The FAA envisions an airport's SMS would uncover previously unknown hazards and risks, providing an airport the opportunity to proactively mitigate risk. Over time, these efforts should prevent accidents and incidents, thereby reducing the direct and indirect costs and risks of airport operations.
Several airports have seen benefits by voluntarily implementing SMS or applying SMS principles in their operations. For example, a large international airport holding a Class I AOC reduced insurance costs after implementing SMS principles. A smaller domestic airport holding a Class IV AOC has seen a major improvement in operational safety after implementing its SMS.
Discussion of the Proposal
The FAA proposes to require all certificate holders develop and implement an SMS for the movement and non-movement areas of the airport (i.e., airfield and ramp). The FAA proposes to add subpart E to part 139, which would include:
(1) A new § 139.401 that would require all holders of an AOC to have an approved airport SMS;
(2) a new § 139.402 that would prescribe the components of an airport SMS; and
(3) a new § 139.403 that would prescribe the implementation requirements for an airport SMS.
The proposal also would add to § 139.5 the following definitions: Accountable executive; Airport safety management system; Hazard; Non-movement area; Risk; Risk analysis; Risk mitigation; Safety assurance; Safety policy; Safety promotion; and Safety risk management (SRM).
Many of the definitions are from existing international standards and FAA guidance materials. These definitions are applicable to the following discussion.
Regulation of the Non-Movement Area
Under this proposal, an airport would implement its SMS throughout the airport environment, including the movement and non-movement areas (including runways, taxiways, run-up areas, ramps, apron areas, and on-airport fuel farms). The FAA acknowledges the proposal extends the scope of part 139 by including the non-movement areas, but the FAA has concluded that ensuring safety in air transportation requires that an SMS applies to any place that affects safety during aircraft operations.
Many pilot study airports concluded it was difficult to apply SMS concepts to only the movement area because aircraft and airport airside personnel routinely flow between movement and non-movement areas. The airports also found a large number of safety incidents occur in the non-movement area and believe applying SMS to this area may reduce that number.
The FAA does not intend to require airports to extend their SMS to the landside environment such as terminal areas. Nevertheless, an airport may voluntarily expand its SMS to all airside and landside environments.
Flexibility
The FAA envisions an SMS as an adaptable and scalable system. An organization can develop an SMS to meet its unique operating environment. For those reasons, this proposal would allow an airport the maximum amount of flexibility to develop and achieve its safety goals. Accordingly, the FAA would prescribe only the general framework of an SMS.
The FAA learned through the pilot studies there are circumstances when a certificate holder may want flexibility in maintaining SMS documentation. For example, some airport operators manage multiple airports (have multiple AOCs), and some may want to expand SMS beyond the FAA-regulated areas (such as for landside or terminal operations.) In allowing maximum flexibility, a certificate holder may maintain a separate SMS Manual in addition to the ACM or may maintain SMS documentation directly in the ACM. If a certificate holder develops a separate manual, it would cross-reference the SMS requirements in its FAA-approved ACM. Accordingly, the FAA proposes amending § 139.203 to require the FAA-approved ACM contain the policies and procedures for development, implementation, operation, and maintenance of the certificate holder's SMS. The FAA also proposes to amend § 139.103 to require two copies of the SMS manual, or SMS portion of the ACM, accompany an AOC application.
Minimum Elements of SMS
In a new § 139.402, the FAA would require each airport SMS include the four SMS components: Safety Policy, SRM, Safety Assurance, and Safety Promotion. These components are equivalent to ICAO's SMS pillars. To support each of these components, the FAA proposes a certificate holder implement a number of elements. Together the components and elements provide the general framework for an organization-wide safety management approach to airport operations. To make these components and elements effective, a certificate holder would develop processes and procedures appropriate to the airport's operating environment. The FAA understands that a certificate holder could comply with these requirements through a variety of means. The FAA intends these proposed requirements to be scalable to the size and complexity of the certificate holder. The FAA invites comments on how the FAA could clarify or improve the scalability of this proposal.
The FAA envisions a certificate holder using an operational SMS to:
- Actively engage airport management in airfield safety;
- Ensure formal documentation of hazards and analytical processes are used to analyze, assess, and mitigate risks;
- Proactively look for safety issues through analysis and use of lessons learned; and
- Train individuals accessing the airside environment on SMS and operational safety.
The following details SMS components and elements as specifically applied to a part 139 airport certificate holder.
Safety Policy
This proposal would require a certificate holder to establish a safety policy that:
- Identifies the accountable executive;
- Identifies and communicates the safety organizational structure;
- Identifies the lines of safety responsibility and accountability;
- Establishes and maintains a safety policy statement;
- Ensures the safety policy statement is available to all employees;
- Establishes and maintains safety objectives; and
- Establishes and maintains an acceptable level of safety for the organization.
This proposal would require an airport to identify an accountable executive. The FAA understands that airport operations and organizational structures vary widely. Accordingly, the FAA would not prescribe a particular job title. Nevertheless, the accountable executive must be a high-level manager who can influence safety-related decisions and has authority to approve operational decisions and changes because an effective SMS requires high-level management involvement in safety decisionmaking. Accordingly, the FAA proposes the international standard definition for an accountable executive (i.e., requiring the accountable executive to be an individual with ultimate responsibility and accountability, full control of the human and financial resources required to maintain the SMS, and final authority over operations and safety issues). The FAA acknowledges it may be difficult for U.S. airports to identify an accountable executive meeting that international standard, but it believes an acceptable accountable executive would be the highest approving authority at the airport for operational decisions and changes. The FAA invites comments concerning the definition of accountable executive for certificated airports.
See ICAO, Safety Management Manual, at 8.4.5 & 8.4.6 ICAO Doc. 9859-AN/474 (2nd ed. 2009).
Additionally, we would require a certificate holder to identify its safety organizational structure and management responsibility and accountability for safety issues. The importance to identifying who in airport management is responsible for safety ensures resources are allocated to balance safety and service. For example, an airport would identify each manager accountable for safety and that manager's responsibilities under the airport SMS. Each airport employee should know who is the contact point for a particular safety issue. An airport would decide how managers' safety responsibilities and accountabilities are communicated. It could use an organizational chart or other means that identify lines of communication and decisionmaking. In some organizations, with multiple departments responsible for part 139 compliance, an airport may have multiple line managers responsible for the safety of different airport areas (e.g., an operations manager for airfield operational safety issues or a maintenance manager for maintenance safety issues). The safety organizational structure should allow every employee to understand how safety issues progress through the organization. This safety organizational structure also would ensure that senior management is aware of the daily activities of these departments and has an active role in airport safety.
Currently, § 139.203 requires certificated airports to have lines of succession of airport operator responsibility. These lines may provide a foundation for establishing the airport's accountable executive and delineation of responsibility for SMS functions.
This proposal would require a certificate holder's safety policy statement be included in SMS documentation. The “accountable executive” would issue this statement because management's commitment to safety should be expressed formally. The safety policy statement would outline the methods and processes used to achieve desired safety outcomes. The statement typically would contain the following:
- A commitment by senior management to implement SMS;
- A commitment to continual safety improvement;
- The encouragement for employees to report safety issues without fear of reprisal;
- A commitment to provide the necessary safety resources; and
- A commitment to make safety the highest priority.
Some airports may be able to adapt a safety policy statement from existing policy statements. Others may supplement existing policies that focus on occupational safety issues (for example, the airport strives to have zero employee injuries). Other airports may have informal safety objectives that could be formalized into a safety policy statement.
Finally, this proposal would require an airport to establish safety objectives relevant to its operating environment. These objectives should improve overall airport safety. Some examples of safety objectives may include a reduction in the amount of Foreign Object Debris (FOD) related damage, a reduction in the number of Vehicle/Pedestrian Deviations (VPDs), timely issuance of airfield condition Notices to Airmen (NOTAMs), and continued conformance with part 139 requirements. Setting these objectives and metrics would aid the airport, stakeholders, and the FAA in verifying achievement or progress towards an airport's improvement of safety.
Safety Risk Management (SRM)
This proposal would require a certificate holder to establish an SRM process to identify hazards and their associated risks within the airport's operations. Under SRM, the airport would be required to:
- Identify safety hazards;
- Ensure that mitigations are implemented where appropriate to maintain an acceptable level of safety;
- Provide for regular assessment of safety level achieved;
- Aim to make continuous improvement to the airport's overall level of safety; and
- Establish and maintain a process for formally documenting identified hazards, their associated analyses, and management's acceptance of the associated risks.
A comprehensive SMS using SRM would provide management a tool for identification of hazards and risks and prioritization of their resolution. While each certificate holder's SRM processes may be unique to the airport's operations and organizational structure, the FAA would require it to incorporate SRM's five steps:
(1) Describing the system;
(2) Identifying the hazards;
(3) Analyzing the risk associated with those hazards;
(4) Assessing the risk associated with those hazards; and
(5) Mitigating the risk of identified hazards when necessary.
This proposal would require a certificate holder to use SRM processes to analyze risk associated with hazards discovered during daily operations and for changes to operations. Changes in airport operations could introduce new hazards into the airfield environment, such as adding new tenants or air carriers at the airport. These could be discovered, tracked, and mitigated using an existing or newly-created hazards tracking system. However, some system descriptions set the boundaries for hazard identification by considering the operating environment in which hazards are identified. Operational changes may overlap with SRM requirements under the FAA Air Traffic Organization's SMS. Examples of these changes include runway extensions or the construction of new taxiways. In these cases, the FAA expects that the certificate holder would participate in the FAA's risk analysis instead of performing an independent risk analysis under its SMS.
The first step of SRM is describing the system. This step entails describing the operating environment in which the hazards will be identified. System description serves as the boundaries for hazard identification. For airports, operational, procedural, conditional, or physical characteristics are included in the system description. A system description could answer the following questions:
- Are there visual or instrument meteorological conditions;
- Is it a time of low or high peak traffic;
- Are there closed or open runways; or
- Is the airfield under construction or normal operations?
The second step of SRM identifies hazards in a systematic way based on the system described in the first step. All possible sources of system failure should be considered. Depending on the nature and size of the system under consideration, these should include:
- Equipment (for example, construction equipment on a movement surface), the operating environment (for example, weather conditions, season, time of day);
- Human factors (for example, shift work);
- Operational procedures (for example, staffing levels);
- Maintenance procedures (for example, nightly movement area inspections by airport electricians); and
- External services (for example, ramp traffic by fixed-base operator (FBO) or law enforcement vehicles).
A certificate holder should implement hazard identification processes and procedures that reflect its management structure and complexity. There are many ways to accomplish this hazard identification, but all must use the following four elements:
(1) Operational expertise;
(2) Training in SMS (and, if possible, hazard analysis techniques);
(3) A simple, but well-defined, hazard analysis tool; and
(4) Adequate documentation of the process.
Many airports already have hazard identification processes in place to ensure part 139 compliance. For example, part 139 currently requires an airport operator to conduct a daily inspection, unless otherwise stated in the FAA-approved ACM.
A certificate holder could use hazard reports obtained through the airport's safety reporting system, which is detailed later in this discussion. The airport also would keep track of incidents and accidents occurring in the airport's movement and non-movement areas to identify potential operational hazards. Many airports already track incidents and accidents in the movement area.
One of the most important aspects of hazard identification is systematically documenting and tracking potential hazards. This documented data allows meaningful analysis of operational safety-related trends on the airfield and of overall airport system safety.
After identifying hazards, a certificate holder would complete the third step of SRM, hazard analysis. For each hazard, the certificate holder would consider the worst credible outcome (harm), which is the most unfavorable consequence that is realistically possible, based on the system described. For the worst credible outcome, the certificate holder would determine the likelihood and severity of that outcome using quantitative or qualitative methods.
A certificate holder would define its levels of likelihood and severity. ICAO and the FAA have developed sample definitions and levels of likelihood and severity for use in categorizing hazards. An example is a five-point table for severity and likelihood. The categorization of severity includes definitions for catastrophic, hazardous, major, minor, or negligible. The categorization of likelihood includes definitions for frequent, occasional, remote, improbable, and extremely improbable. A certificate holder should develop tables commensurate with its operational needs and complexity. For example, a less complex airport with few operations may find it effective to have fewer levels of gradation. However, a larger airport with a variety of operations may require a five-point or larger table to be most effective. Based on these definitions, a likelihood and severity of occurrence is selected for each hazard.
See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859-AN/474 (2nd ed. 2009); see also FAA Advisory Circular 150/5200-37, Introduction to Safety Management System for Airport Operators (Feb. 28, 2007).
The fourth step of SRM, risk assessment, uses the likelihood and severity assessed in step three, and compares it to the organization's acceptable levels of safety risk.
One of the easiest techniques for comparison is through the use of a predictive risk matrix. A predictive risk matrix (like figure 1) graphically depicts the various levels of severity and likelihood as they relate to the levels of risk (for example, low, medium, or high). On a typical risk matrix, severity and likelihood are placed on opposing axes (i.e., x- and y-axis on a grid). For example, a higher severity would be plotted further to the right on the x-axis, and a higher likelihood would be plotted further up the y-axis. The severity and likelihood assessed during the third step of SRM can then be plotted on the risk matrix grid for each of the hazards assessed.
The other feature of a predictive risk matrix is its depiction of the certificate holder's acceptable level of safety risk, in other words the highest level of safety risk it will accept in its operational environment. Typically, the risk matrix depicts three levels of risk: low, medium, and high. A high risk generally would be unacceptable. A medium risk may be acceptable provided mitigations are in place and verified before operations can continue. A low risk may be acceptable without additional mitigation.
When a hazard's likelihood and severity are plotted on the risk matrix, the certificate holder can see whether the hazard's safety risk is acceptable to the organization. Generally, as the likelihood and severity increase, the risk increases. Each certificate holder would determine its acceptable level of risk and other levels of risk when establishing its predictive risk matrix. For example, a hazard with an assessed likelihood of frequent and severity of catastrophic usually would be plotted in the high risk portion of the matrix. A hazard with an assessed likelihood of extremely improbable and assessed severity of minor usually would be plotted in the low risk portion of the matrix. These levels of risk would be based on the certificate holder's acceptable level of risk and may vary from airport to airport.
Under the fourth step of SRM, a certificate holder would plot the likelihood and severity of each hazard assessed during the third step on its predictive risk matrix. The certificate holder would see the level of risk for each hazard and could determine whether that level of risk is acceptable. The certificate holder would use this information to determine whether it must mitigate those risks. Ultimately, the certificate holder would formally accept the risk or approve the mitigation plan as required by its SMS.
In the final step of SRM, mitigation of risk, the certificate holder would take steps to reduce the risk of the hazard to an acceptable level for any hazard determined in the fourth step to present an unacceptable risk. These efforts may include removing the hazard or implementing alternative strategies to reduce the hazard's risks. Additionally, a certificate holder could mitigate the risk of a hazard if that risk is acceptable but could be reduced with mitigation. If a hazard has no associated risk or a low risk, an airport may not have to proceed with this step of SRM for the hazard.
If step five is required, the certificate holder would monitor the mitigations put in place to ensure that they actually decrease the level of risk to an acceptable level. A certificate holder could use the hazard reporting system, which is discussed later, to track identified hazards and their mitigations deployed under SRM.
Under an SMS, a certificate holder would document each of the SRM steps including the identified hazards, the risk analysis and assessment, any proposed mitigations, and management's acceptance of risk. These records can be kept either electronically or in paper-format. This documentation ensures safety-related decisions are consistent with safety policies and goals and provides historical information that can be used to make future safety-related decisions.
This proposal would require a certificate holder to retain these documents and records for the longer of either 36 consecutive calendar months after the risk analysis of identified hazards or 12 consecutive calendar months after implementing mitigation measures. The timelines associated with the retention of those documents ensure they are kept for a time period that provides the airport historical data to conduct meaningful analysis under SRM, to review during Safety Assurance activities, and for the FAA to review for compliance during inspections. These record retention requirements are consistent with other retention requirements under part 139. While these are minimum retention requirements, certificate holders may retain their documents for longer time periods.
A Practical Example of SRM
The airport in this example has one runway and conducts daily self-inspections according to its FAA-approved ACM. An operations agent conducting the airport's daily self-inspection finds foreign object debris (FOD) of substantial size and weight at a taxiway-runway intersection adjacent to an uncontrolled ramp. The operations agent removes the FOD and notes it on the inspection checklist. During a routine review of airport inspections, the operations manager notices that FOD has been collected at this same taxiway-runway intersection during multiple inspections. Under the airport's SRM process, such an event and trend triggers a formal SRM analysis.
The operations manager, who has sufficient training and understands the airport's SMS and operating environment, conducts the analysis. Using SRM documentation procedures and templates, the manager carefully describes the system. At this particular airport, the airport is approved for low-visibility operations which occur twenty-five percent of the calendar year.
The manager then identifies all hazards associated with the FOD. The manager identifies FOD damage to aircraft and/or ingestion into aircraft engines as potential hazards based on the system description.
The manager considers the worst credible outcome of FOD damage and FOD ingestion into aircraft engines based on the location of the FOD in the airport environment. Using the self-inspection records, the manager discerns the FOD usually is found closer to the runway than to the taxiway and in some instances on the runway between the centerline and edge lines. Additionally, the weight and location of the FOD could present a danger to aircraft traversing the runway or taxiway. The manager determines that the worst credible outcome could result in loss of control of the aircraft, an aborted take-off, and/or an aircraft accident.
Using the likelihood and severity definitions provided as part of the airport's SMS, the manager's knowledge of the airport environment, and outside resources (such as industry research or other documents with relevant quantitative statistical analysis), the manager assesses the likelihood and severity of the hazard. In this case, the manager determines the severity of such a hazard could be catastrophic (such as an aircraft accident with fatalities or serious injuries), and the likelihood is improbable. Referring to the airport's risk matrix, the manager plots the assessed likelihood and severity, and the hazard falls within the high risk portion of the matrix. According to the airport's SMS, the manager must take some sort of action to mitigate the occurrence of FOD in this taxiway-runway intersection.
The operations manager has identified numerous risk mitigation strategies. The manager could increase the number of targeted inspections for the area. The manager could conduct further analysis to determine the root-cause of the FOD, which could result from a lack of training, improper maintenance, or other factors that may be mitigated over time. The manager also could communicate with tenants who operate in the area to warn them of the FOD hazard.
In this case, the manager chooses all three mitigation strategies with targeted inspections implemented immediately. Over time, the manager will investigate root cause, will update the airport's FOD prevention training, and will communicate the FOD hazard to tenants.
The manager completes the five SRM steps and documents the processes and determinations on the appropriate templates following the airport's SRM guidelines. Finally, the manager adds an entry to the hazard reporting system to follow up in two weeks to review the self-inspection and targeted inspection reports to verify whether mitigations are working.
Safety Assurance
This proposal would require a certificate holder to ensure safety risk mitigations developed through the airport's SRM process are adequate, and the airport's SMS is functioning effectively. The key outcome of safety assurance is continuous improvement of the airport's operational safety. The proposal would require the certificate holder to:
- Develop and implement a means for monitoring safety performance;
- Establish and maintain a hazard reporting system that provides a means for reporter confidentiality; and
- Develop and implement a process for reporting pertinent safety information and data to the accountable executive on a regular basis.
Safety performance monitoring and measurement is one way an organization can verify its SMS's effectiveness. ICAO also offers a variety of safety performance monitoring and measurement methods including hazard reports, safety studies, safety reviews, audits, safety surveys, and internal safety investigations. While some certificate holders may not find added value in implementing or using all of these information sources, a certificate holder may benefit from using an internal audit or assessment to monitor performance. Documents created under the airport's SMS should be reviewed periodically to verify whether the airport's SMS processes and procedures are being followed, whether trends exist that have not been identified, and whether SRM mitigations are being implemented and are effective. The certificate holder would determine whether this review is completed by airport personnel or by a third party.
See ICAO, Safety Management Manual, at 9.6.4 ICAO Doc. 9859-AN/474 (2nd ed. 2009).
The proposal also would require a certificate holder to establish and maintain a hazard reporting system. A certificate holder's SRM processes and hazard identification procedures likely would not catch all potential airfield hazards. Some hazards may be identified by other employees, airfield tenants, or pilots. Therefore, an airport's SRM would include a system for hazard reporting. A certificate holder may develop the best system for its operating environment, whether a call-in line, a web-based system, or a drop box. The certificate holder would train all employees on the existence of the system and how a report flows through the system to management.
The FAA proposes that airports develop a confidential hazard reporting system. ICAO's SMS model envisions a non-punitive reporting system. Based on information obtained during the pilot studies, a U.S. airport may be unable to prevent punishment of non-airport employees (for example, tenant employees). Therefore, the FAA has concluded that requiring a confidential hazard reporting system will protect the reporter's identity and achieve the goal of protection from reprisal.
For some airports, the required data tracking, data reporting, and assessment programs already exist in other formats. Many airports have functional occupational safety programs in place with reporting, inspection, and training requirements. An airport can use these programs to build its operational SMS.
The FAA envisions an airport using safety assurance to enhance the airport's ability to spot trends and identify safety issues before they result in a near-miss, incident, or accident. An example of safety assurance may involve the performance of the airport in reducing the number of runway incursions. Effective safety assurance processes would require review and investigation of previous incidents and accidents as well as analysis of current policies, procedures, training, and equipment for potential weaknesses. In addition, the safety assurance process would review the efficacy of previously implemented safety strategies to ensure they are functioning as predicted and have not introduced any new systemic risks.
Safety assurance also prescribes data collection and analytical methods that help a certificate holder transition from a reactive approach to a more predictive approach to aviation safety. In this example, failure analysis can be used to anticipate future failures before they occur. Therefore, Safety Assurance provides management tools and data to ensure that the SMS is properly functioning and that mitigations developed through SRM processes are having their intended effect.
Safety Promotion
This proposal would require a certificate holder to establish processes and procedures to foster a safety culture. These processes and procedures include providing formal safety training to all employees with access to the airfield, and developing and maintaining formal means for communicating important safety information.
As previously stated, part 139 currently prescribes numerous training and communications requirements that can be used in developing an SMS. Under an SMS, these requirements would be enhanced and extended to more individuals operating on the airport because everyone has a role in promoting safety. For example, instead of training just those airport employees on part 139 technical requirements (such as airfield driver training), an airport would ensure that all employees with access to the movement and non-movement areas receive training on operational safety and on the airport's SMS.
The FAA proposes the SMS training requirement would apply to airport employees based on information obtained during the pilot studies. However, the FAA believes greater benefits may be achieved if that training requirement were applied to all individuals with access to the movement and non-movement areas, and it is considering that broader SMS training requirement. The FAA invites comments concerning the practical and economic implications of applying the training requirements to all individuals accessing the movement and non-movement area.
The FAA also believes that through the safety promotion component of SMS, an airport's management will promote the growth of a positive safety culture through:
- Publication of senior management's stated commitment to safety to all employees;
- Visible demonstration of management's commitment to the SMS;
- Communication of the safety responsibilities for the airport's personnel specific to their function within the airport;
- Clear and regular communication of safety policy, goals, objectives, standards, and performance to all employees of the organization;
- A confidential and effective employee reporting and feedback system;
- Use of a safety information system that provides an accessible efficient means to retrieve information; and
- Allocation of resources essential to implement and maintain the SMS.
An airport could demonstrate its commitment to safety promotion in several ways. An airport could allocate sufficient resources for the initial and recurrent training of its staff. Likewise, an airport could communicate the results of risk analysis and mitigations for reported hazards. Any training records created as part of the certificate holder's safety promotion processes and procedures would be retained and available for inspection for 24 consecutive calendar months. This retention period is consistent with that for other training records under existing § 139.301. The FAA proposes that any other communications created as part of safety promotion would be retained for 12 consecutive calendar months.
As previously discussed, the FAA recognizes that certificate holders may have systems and processes in place that partially meet the proposed SMS requirements. The FAA believes these systems and processes can easily be incorporated into an SMS and does not intend duplicative burdens. The FAA requests comments on systems and processes currently in use that would not be compatible with the proposed requirements. The FAA also requests comments specifically identifying how the FAA could clarify or improve the incorporation of existing systems and processes into an SMS.
Proposed Implementation Plan Requirements
The FAA proposes to require all certificate holders and applicants for an AOC to submit an implementation plan that accurately describes how the airport will meet the requirements of Subpart E and provides timeframes for implementing the various SMS components and elements within the airport's organization and operations. While the FAA is not requiring an airport to conduct a gap analysis before implementing an SMS, this implementation plan would require a certificate holder to proactively review its current organizational framework and determine how it conforms to airport SMS requirements. This proposal also would require a certificate holder to establish target dates for meeting the requirements of Subpart E well before compliance with Subpart E would be required. Further, the implementation plan must determine an overall SMS implementation timeline as well as dates for completion of updates to the ACM and, where applicable, the SMS Manual.
The proposal takes a two-pronged approach to implementation based on the scale of operations at the certificated airport and provides ample time for airports to conform to the SMS requirement. The FAA learned during the first pilot study that many larger airports were able to complete their gap analysis and develop the SMS Manual and Implementation Plan within six months. However, during the second pilot study with smaller certificated airports, many airports were not able to successfully complete their gap analysis and manual within that timeframe. Based on this experience, the FAA has determined that six months is adequate time for Class I airports to develop a plan of how the airport will develop and implement an SMS. Similarly, the FAA has determined that nine months is adequate time for Class II, III, and IV airports to develop an implementation plan. These implementation plans should detail the steps the airport will take to develop an SMS taking into account the unique operating environment of the airport. Based on projections from the pilot study airports, the FAA has determined that the implementation process should be completed within 18 months for a Class I airport and within 24 months for a Class II, III, and IV airport.
Based on findings from the pilot study, the FAA has determined that all components of an SMS are interrelated and must be implemented at the same time for an SMS to be effective. The FAA requests comments on the proposed implementation requirements and timeframes. If you believe the FAA should adopt a phased-in approach for the SMS components, please provide specific recommendations for how the requirements could be phased in and analysis of the effect on implementation costs and corresponding postponement of safety benefits.
The FAA also proposes to remove paragraph (c) of § 139.101 because the implementation schedule for submitting a new Airport Certification Manual (ACM) under that section is no longer applicable.
Further, the FAA intends to publish any accompanying Advisory Circulars prior to the final rule and widely communicate the requirements to airports through the various industry organizations and FAA airport conferences.
FAA's Role and Oversight
An SMS is not a substitute for compliance with FAA regulations or FAA oversight activities. Rather, an SMS would ensure compliance with safety-related statutory and regulatory requirements. An SMS enhances the FAA's ability to understand the safety of airport operations throughout the year, and not just when an FAA inspector is physically on the airfield.
During an airport's periodic inspection, the FAA envisions an inspector reviewing the certificate holder's ACM to ensure that the SMS requirements are clearly identified and detailed in the ACM or referenced SMS Manual. The inspector would verify through airport records, interviews, and other means that the SMS is being communicated, training is being provided, and senior management is actively engaged in the management and oversight of the SMS. The FAA intends this review as an evaluation of whether a certificate holder's SMS is functioning as it is intended to function rather than as a means for us to second guess a certificate holder's decisions. However, if during the course of an inspection, these processes are determined to have failed in discovering discrepancies with part 139 or have created new discrepancies, the FAA would take appropriate action to ensure the airport corrects these non-compliant conditions.
The following examples detail possible inspector activity, but this proposal does not limit any FAA inspection authority. An FAA inspector may review safety meeting minutes and sign-in sheets to verify whether members of the airport's management team are regularly attending. Additionally, an FAA inspector may request to see SRM documentation to determine whether acceptance of a given risk is being performed by the appropriate level of management. An inspector may also verify whether mitigations are being implemented, which is a clear indicator of the effectiveness of the airport's SRM and safety assurance components. As for verification of safety promotion, the inspector may review training records, training curricula, and the methods of communicating critical safety information throughout the airport organization and to key stakeholders.
If a certificate holder decided to extend the umbrella of its SMS to landside operations beyond the scope of this proposal, the FAA's oversight and inspection authority would extend only to those areas envisioned by this proposal.
The FAA has determined that an SMS is a valuable set of tools for improving safety at airports. However, an SMS does not replace part 139 requirements. An SMS would serve as an enhancement to those technical standards already required under part 139, and the FAA will continue to inspect according to part 139 standards. Additionally, the FAA will promulgate prescriptive regulations as appropriate.
Safety management systems for the aviation industry are still developing. However, the FAA believes now is the time to begin developing and implementing SMS requirements because of their benefits to aviation safety. The FAA recognizes that future rulemaking may be required to capture safety developments, connect to related regulations, and avoid duplication of SMS requirements for various industry sectors.
The FAA is considering rulemaking that would establish SMS requirements for other segments of the aviation industry. The FAA requests comments on the interaction between this proposed rule and potential future rulemakings. The FAA also requests comments on which portions of this proposed rule should be adopted for any potential SMS requirements. Finally, the FAA requests comments on whether there are other issues or principles not included in this proposal that the FAA should consider in issuing a final rule.
Rulemaking Analyses and Notices
Paperwork Reduction Act
This proposal contains a revision of a currently approved collection of information (OMB-2120-0675) subject to review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)). The title, description, and number of respondents, frequency of the collection, and estimate of the annual total reporting and recordkeeping burden are shown below.
Title: Safety Management System for Certificated Airports.
Summary: The FAA proposes to revise current part 139 to require certificated airports to establish a safety management system (SMS). An SMS is a formalized approach to managing safety that includes an organization-wide safety policy, formal methods of identifying potential hazards, formal methods for analyzing and mitigating potential hazards, and an organization-wide emphasis on promoting a safety culture.
Use of: Each airport would be able to develop its SMS based on its own unique operating environment. Because airport management can tailor its system, the FAA expects an SMS comprised of four key components: Safety Policy, Safety Risk Management, Safety Assurance, and Safety Promotion. An airport would establish and maintain records that document Safety Risk Management processes; report pertinent safety information and data on a regular basis; record training by each individual that includes, at a minimum, a description and date of training received; and, set forth an implementation plan.
The following information lists estimated initial and annual hours respondents would need to comply with the proposed part 139 SMS reporting and recordkeeping and cost requirements:
Proposed part 139 section | Description | Initial burden hours | Annual burden hours |
---|---|---|---|
139.203 | Airport Safety Management Documentation and Implementation Plan | 784,552 | |
139.301 | Records: to include the hazard reporting system, the records database, training records, promotional material | 21,847 |
SMS Document (Initial Burden)
562 currently certificated airports × 1,396 hours per airport to document an airport's SMS and implementation plan = 784,552 total hours.
Record Keeping (Annual)
5 minutes to update training records per employee × 72,800 estimated employees for all 562 airports = 6,067 hours per year,
30 minutes to record a potential hazard × an estimated 1 potential hazard per week = 13,676 hours per year.
1 hour to create promotional material per airport: promotional material estimated to be distributed quarterly = 4 hours × 562 airports = 2,104 hours per year.
Image Not Available
Estimated total initial SMS cost burden: $10,983,728.
Estimated total SMS document burden: 784,552 hrs.
Clerical Labor (784,552 hrs. × $14 per hr).
Total Labor Costs: $10,983,728.
Estimated total annual recordkeeping cost burden: $305,858.
Estimated total annual recordkeeping burden: 21,847 hrs.
Clerical Labor (21,847 hrs. × $14 per hr).
Total Labor Costs: $305,858.
Individuals and organizations may submit comments on the information collection requirement by January 5, 2011, to the address listed in the ADDRESSES section of this document.
International Compatibility
In keeping with the U.S. obligations under the Convention on International Civil Aviation, it is FAA policy to conform to International Civil Aviation Organization (ICAO) Standards and Recommended Practices to the maximum extent practicable. The FAA has reviewed the corresponding ICAO Standards and Recommended Practices and has identified no differences with these proposed regulations.
Regulatory Evaluation, Regulatory Flexibility Determination, International Trade Impact Assessment, and Unfunded Mandates Assessment
Changes to Federal regulations must undergo several economic analyses. First, Executive Order 12866 directs that each Federal agency shall propose or adopt a regulation only upon a reasoned determination that the benefits of the intended regulation justify its costs. Second, the Regulatory Flexibility Act of 1980 (Pub. L. 96-354) requires agencies to analyze the economic impact of regulatory changes on small entities. Third, the Trade Agreements Act (Pub. L. 96-39) prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States. In developing U.S. standards, this Trade Act requires agencies to consider international standards and, where appropriate, that they be the basis of U.S. standards. Fourth, the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4) requires agencies to prepare a written assessment of the costs, benefits, and other effects of proposed or final rules that include a Federal mandate likely to result in the expenditure by State, local, or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation with base year of 1995). This portion of the preamble summarizes the FAA's analysis of the economic impacts of this proposed rule. We suggest readers seeking greater detail read the full regulatory evaluation, a copy of which we have placed in the docket for this rulemaking.
In conducting these analyses, FAA has determined that this proposed rule: (1) Has benefits that justify its costs; (2) is an not an economically “significant regulatory action” but is a “significant regulatory action” for other reasons as defined in section 3(f) of Executive Order 12866; (3) is “significant” as defined in DOT's Regulatory Policies and Procedures; (4) would not have a significant economic impact on a substantial number of small entities; (5) would not create unnecessary obstacles to the foreign commerce of the United States; and (6) would not impose an unfunded mandate on state, local, or tribal governments, or on the private sector by exceeding the threshold identified above. These analyses are summarized below.
Total Benefits and Costs of This Rule
This notice of proposed rulemaking would require certificated airports to establish a safety management system (SMS). An SMS is a formalized approach to managing safety, which includes an organization-wide safety policy, formal methods of identifying potential hazards, formal methods for analyzing and mitigating potential hazards, and an organization-wide emphasis on promoting a safety culture. An SMS for airports is comprised of four key components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. These components would help airports effectively integrate the formal risk control procedures into normal operational practices thus improving safety at airports throughout the United States air transportation system that host air carrier operations.
The estimated cost of this proposed rule is $ 248 million ($172 million in present value) with potential estimated benefits ranging from $ $170,341,000 ($104,498,600 present value) up to $255,512,000 ($161,441,600 present value). Accounting for the funded survey sample bias, scalability of SMS and qualitative benefits, the FAA expects that overall the proposed rule would have benefits greater than costs.
Who is potentially affected by this rule?
- Part 139 Certificated Airports.
Assumptions
- All costs and benefits are presented in 2009 dollars.
- All costs and benefits are estimated over a 10-year period from 2012 through 2021.
- The present value discount rate of 7 percent is applied as required by the Office of Management and Budget.
Benefits of This Rule
The objective of SMS is to proactively manage safety, to identify potential hazards or risks and implement measures to mitigate those risks. In that respect, the FAA envisions airports being able to use all of the components of SMS to enhance the airport's ability to spot trends, and identify safety issues before they result in a near-miss, incident, or accident. Over the 10-year period of analysis, the potential benefits of potentially averted accidents range from $170 to $256 million.
The FAA also suspects that there are many benefits of SMS, which were unable to be quantified. For example, one of the smaller pilot study airports used their Safety Risk Management (SRM), or formal process, to identify and manage a hazard. The airport identified that loosely controlled passenger traffic was accessing the ramp area. Although, no passenger to date had been injured on the ramp, the airport had experienced “close-calls”. In completing their hazard and risk analysis, the airport determined that the lack of current control presented an unacceptable high risk for the organization. The airport immediately took action to identify feasible mitigation strategies including dedicated passenger walkways, notification of passengers on airport procedures prior to ramp access, and tasking of additional staff to ramp areas for increased control and oversight of passenger traffic during peak-operations. Moreover, the FAA believes that the benefits of SMS, over the 10-year period of analysis, are much greater than what is currently quantified.
Costs of This Rule
The rule if enacted would require certificated U.S. airports to establish a safety management system (SMS) based on the four components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. These components include costs to document an airport's SMS and implementation plan, new staff, new equipment and materials, and training. The costs vary based on the size of the airport. In total this proposed rule is estimated to cost airports $248 million over 10 years.
Regulatory Flexibility Determination
The Regulatory Flexibility Act of 1980 (Pub. L. 96-354) (RFA) establishes “as a principle of regulatory issuance that agencies shall endeavor, consistent with the objectives of the rule and of applicable statutes, to fit regulatory and informational requirements to the scale of the businesses, organizations, and governmental jurisdictions subject to regulation. To achieve this principle, agencies are required to solicit and consider flexible regulatory proposals and to explain the rationale for their actions to assure that such proposals are given serious consideration.” The RFA covers a wide-range of small entities, including small businesses, not-for-profit organizations, and small governmental jurisdictions.
Agencies must perform a review to determine whether a rule will have a significant economic impact on a substantial number of small entities. If the agency determines that it will, the agency must prepare a regulatory flexibility analysis as described in the RFA. However, if an agency determines that a rule is not expected to have a significant economic impact on a substantial number of small entities, section 605(b) of the RFA provides that the head of the agency may so certify and a regulatory flexibility analysis is not required. The certification must include a statement providing the factual basis for this determination, and the reasoning should be clear.
The proposed rule will affect all part 139 airports. Under this rule airports would be required to establish a safety management system to proactively manage safety at the airport. A substantial number of part 139 airports will meet the Small Business Administration definition of a small entity, which includes small governmental jurisdictions as governments of cities, counties, towns, townships, villages, school districts, or special districts with populations of less than 50,000. The requirements of the rule are scalable by airport. They have the ability to choose low cost options. Moreover, many smaller airports expect little to no added cost, given the size of their operations. These airports have fewer operations and employees which are associated with a lower number of reportable incidents, and with fewer incidents these airports can choose inexpensive options. Options, such as an EXCEL or ACCESS for data tracking, a suggestion box for the hazard reporting system, and easy to create memorabilia for promotional material are compliance examples reported by many of these airports. The cost of these items is minimal at roughly $300 per airport. Small airports also have the option of hiring new staff, but the FAA expects that given the size of these airports no additional staff will be needed to meet the requirements of this rule. Thus while there are a substantial number of small entities, the rule would not create a significant economic impact to these airports.
Therefore, the FAA certifies this proposed rule, if promulgated, would not have a significant impact on a substantial number of small entities. The FAA solicits comments regarding this determination. Specifically, the FAA requests comments on whether the proposed rule creates any specific compliance costs unique to small entities. Please provide detailed economic analysis to support any cost claims. The FAA also invites comments regarding other small entity concerns with respect to the proposed rule.
International Trade Impact Assessment
The Trade Agreements Act of 1979 (Pub. L. 96-39), as amended by the Uruguay Round Agreements Act (Pub. L. 103-465), prohibits Federal agencies from establishing standards or engaging in related activities that create unnecessary obstacles to the foreign commerce of the United States. Pursuant to these Acts, the establishment of standards is not considered an unnecessary obstacle to the foreign commerce of the United States, so long as the standard has a legitimate domestic objective, such the protection of safety, and does not operate in a manner that excludes imports that meet this objective. The statute also requires consideration of international standards and, where appropriate, that they be the basis for U.S. standards. The FAA has assessed the potential effect of this proposed rule and determined that it will have only a domestic impact and therefore would not create unnecessary obstacles to the foreign commerce of the United States.
Unfunded Mandates Assessment
Title II of the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4) requires each Federal agency to prepare a written statement assessing the effects of any Federal mandate in a proposed or final agency rule that may result in an expenditure of $100 million or more (in 1995 dollars) in any one year by State, local, and tribal governments, in the aggregate, or by the private sector; such a mandate is deemed to be a “significant regulatory action.” The FAA currently uses an inflation-adjusted value of $143.1 million in lieu of $100 million. This proposed rule does not contain such a mandate; therefore, the requirements of Title II of the Act do not apply.
Executive Order 13132, Federalism
The FAA has analyzed the proposal under the principles and criteria of Executive Order 13132, Federalism. Most airports subject to this proposal are owned, operated, or regulated by a local government body (such as a city or council government), which, in turn, is incorporated by or as part of a State. Some airports are operated directly by a State. This proposal would have low costs of compliance compared with the resources available to airports, and it would not alter the relationship between certificate holders and the FAA as established by law.
Accordingly, the FAA has determined that this action would not have a substantial direct effect on the States, on the relationship between the national Government and the States, or on the distribution of power and responsibilities among the various levels of government. Therefore, the FAA has determined that this rulemaking does not have federalism implications. The FAA will mail a copy of the NPRM to each state government specifically inviting comment.
Environmental Analysis
FAA Order 1050.1E defines FAA actions that are categorically excluded from preparation of an environmental assessment or environmental impact statement under the National Environmental Policy Act (NEPA) in the absence of extraordinary circumstances. The FAA has determined this proposed rulemaking action qualifies for the categorical exclusion identified in Chapter 3, paragraph 312d and involves no extraordinary circumstances.
Regulations That Significantly Affect Energy Supply, Distribution, or Use
The FAA has analyzed this NPRM under Executive Order 13211, Actions Concerning Regulations that Significantly Affect Energy Supply, Distribution, or Use (May 18, 2001). We have determined that it is not a “significant energy action” under the executive order because it is not likely to have a significant adverse effect on the supply, distribution, or use of energy.
Additional Information
Comments Invited
The FAA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, or federalism impacts that might result from adopting the proposals in this document. The most helpful comments reference a specific portion of the proposal, explain the reason for any recommended change, and include supporting data. To ensure the docket does not contain duplicate comments, please send only one copy of written comments, or if you are filing comments electronically, please submit your comments only one time.
We will file in the docket all comments we receive, as well as a report summarizing each substantive public contact with FAA personnel concerning this proposed rulemaking. Before acting on this proposal, we will consider all comments we receive on or before the closing date for comments. We will consider comments filed after the comment period has closed if it is possible to do so without incurring expense or delay. We may change this proposal in light of the comments we receive.
Throughout the proposal discussion, the FAA specifically identifies specific issues related to SMS and guiding principles associated with SMS on which it seeks specific comment. These specific questions are enumerated here to facilitate comment. Please include the question number in your responses to the following questions:
1. Are there interactions between this proposal and potential future rulemakings involving SMS issues? To what extent should the proposal here take into account the possibility of future rulemakings on similar topics? Would it be better to wait for experience under any final rule in this proceeding before judging whether it can or should serve as a precedent for any other SMS requirements?
2. Are there other principles that the FAA should consider in crafting a final rule on airport SMS that are not embodied in this proposal?
3. To what extent will the regulatory burdens proposed by the proposed rule flow through to persons or businesses other than the ones included in the economic analysis? If such flow-through exists, will it increase total societal costs, and if so, by how much? If costs do flow through to others, are costs correspondingly reduced to persons “upstream”? Please provide detailed economic analysis to support any claims of increased costs or cost-offsets, rather than mere assertions.
4. The FAA intends for this and any future SMS rules to be fully scalable, based on the size and complexity of the organization implementing SMS. Do commenters have suggestions for how the FAA could clarify or improve the scalability of this proposal? Please provide detailed suggestions to expand implementation flexibility within the proposal.
5. Would the cost-effectiveness of the rule be improved if the requirements are phased in? Which specific provisions should be phased in? Please provide specific recommendations for a phase-in period, including analysis of the effect on costs to industry and the corresponding postponement of safety benefits.
6. What should the FAA specifically consider when defining “accountable executive” to adequately address the unique operating environment of certificated airports?
7. Should the FAA consider expanding the SMS training requirements to all individuals (rather than just airport employees) accessing the movement and non-movement areas? What are the specific practical and economic implications of such a requirement?
Proprietary or Confidential Business Information
Do not file in the docket information that you consider to be proprietary or confidential business information. Send or deliver this information directly to the person identified in the FOR FURTHER INFORMATION CONTACT section of this document. You must mark the information that you consider proprietary or confidential. If you send the information on a disk or CD-ROM, mark the outside of the disk or CD-ROM and also identify electronically within the disk or CD-ROM the specific information that is proprietary or confidential.
Under 14 CFR 11.35(b), when we are aware of proprietary information filed with a comment, we do not place it in the docket. We hold it in a separate file to which the public does not have access, and we place a note in the docket that we have received it. If we receive a request to examine or copy this information, we treat it as any other request under the Freedom of Information Act (5 U.S.C. 552). We process such a request under the DOT procedures found in 49 CFR part 7.
Availability of Rulemaking Documents
You can get an electronic copy using the Internet by—
(1) Searching the Federal eRulemaking Portal ( http://www.regulations.gov );
(2) Visiting the FAA's Regulations and Policies Web page at http://www.faa.gov/regulations_policies/;;; or
(3) Accessing the Government Printing Office's Web page at http://www.gpoaccess.gov/fr/index.html.
You can also get a copy by sending a request to the Federal Aviation Administration, Office of Rulemaking, ARM-1, 800 Independence Avenue, SW., Washington, DC 20591, or by calling (202) 267-9680. Make sure to identify the docket number or notice number of this rulemaking.
You may access all documents the FAA considered in developing this proposed rule, including economic analyses and technical reports, from the internet through the Federal eRulemaking Portal referenced in paragraph (1).
List of Subjects in 14 CFR Part 139
- Air carriers
- Airports
- Aviation safety
- Reporting and recordkeeping requirements
The Proposed Amendment
In consideration of the foregoing, the Federal Aviation Administration proposes to amend chapter I of Title 14, Code of Federal Regulations as follows:
PART 139—CERTIFICATION OF AIRPORTS
1. The authority citation for part 139 continues to read as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701-44702, 44709, 44719.
2. Amend § 139.5 by adding the definitions of Accountable executive, Airport Safety Management System (SMS), Hazard, Non-movement area, Risk, Risk analysis, Risk mitigation, Safety assurance, Safety policy, Safety promotion, and Safety risk management in alphabetical order to read as follows:
Accountable executive means a single, identifiable person who, irrespective of other functions, has ultimate responsibility and accountability, on behalf of the certificate holder, for the implementation and maintenance of the Airport Safety Management System. The Accountable Executive has full control of the human and financial resources required to implement and maintain the Airport Safety Management System. The Accountable Executive has final authority over operations conducted under the Airport's Operating Certificate and has final responsibility for all safety issues.
Airport Safety Management System (SMS) means an integrated collection of processes and procedures that ensures a formalized and proactive approach to system safety through risk management.
Hazard means any existing or potential condition that can lead to injury, illness, death, or damage to or loss of a system, equipment, or property.
Non-movement area means the area, other than that described as the movement area, used for the loading, unloading, parking, and movement of aircraft on the airside of the airport (including without limitation ramps, apron areas, and on-airport fuel farms).
Risk means the composite of predicted severity and likelihood of the worst credible outcome (harm) of a hazard.
Risk analysis means the process whereby a hazard is characterized for its likelihood and the severity of its effect or harm. Risk analysis can be either a quantitative or qualitative analysis; however, the inability to quantify or the lack of historical data on a particular hazard does not preclude the need for analysis.
Risk mitigation means any action taken to reduce the risk of a hazard's effect.
Safety assurance means the process management functions that evaluate the continued effectiveness of implemented risk mitigation strategies; support the identification of new hazards; and function to systematically provide confidence that an organization meets or exceeds its safety objectives through continuous improvement.
Safety policy means the statement and documentation adopted by a certificate holder defining its commitment to safety and overall safety vision.
Safety promotion means the combination of safety culture, training, and communication activities that support the implementation and operation of an SMS.
Safety risk management means a formal process within an SMS composed of describing the system, identifying the hazards, analyzing, assessing, and mitigating the risk.
3. Amend § 139.101 by removing paragraph (c).
4. Amend § 139.103 by revising paragraph (b) to read as follows:
(b) Submit with the application, two copies of an Airport Certification Manual, Safety Management System Implementation Plan (as required by § 139.103(b)), and Safety Management System Manual (where applicable) prepared in accordance with subparts C and E of this part.
5. Amend § 139.203 by redesignating paragraph (b)(29) as (b)(30) and adding a new paragraph (b)(29) to read as follows:
(b) * * *
Required Airport Certification Manual Elements
Manual elements | Airport certificate class | |||
---|---|---|---|---|
Class I | Class II | Class III | Class IV | |
* * * * * * * | ||||
29. Policies and procedures for the development, implementation, operation, and maintenance of the Airport's Safety Management System, as required under subpart E of this part | X | X | X | X |
* * * * * * * |
6. Amend § 139.301 by revising paragraph (b)(1) and adding new paragraphs (b)(9) and (b)(10) to read as follows:
(b) * * *
(1) Personnel training. Twenty-four consecutive calendar months for personnel training records, as required under §§ 139.303, 139.327, and 139.402.
(9) Safety risk management documentation. Thirty-six consecutive calendar months or twelve consecutive calendar months, as required under § 139.402(b).
(10) Safety communications. Twelve consecutive calendar months for safety communications, as required under § 139.402(d).
7. Add subpart E to part 139 to read as follows:
- Subpart E—Airport Safety Management System
Subpart E—Airport Safety Management System
(a) Each certificate holder, or applicant for an Airport Operating Certificate, must develop and maintain an Airport Safety Management System that is approved by the Administrator.
(b) The scope of an Airport Safety Management System must encompass aircraft operation in the movement area, aircraft operation in the non-movement area, and other airport operations addressed in this part.
(c) Each required certificate holder must describe its compliance with the requirements identified in § 139.402 either:
(1) Within a separate section of the certificate holder's Airport Certification Manual titled Airport Safety Management System; or
(2) Within a separate Airport Safety Management System Manual. If the certificate holder chooses to use a separate Airport Safety Management System Manual, the Airport Certification Manual must incorporate by reference Airport Safety Management System Manual.
(d) FAA Advisory Circulars contain methods and procedures for the development of an Airport Safety Management System.
An approved Airport Safety Management System must include:
(a) Safety Policy. A Safety Policy that, at a minimum:
(1) Identifies the accountable executive.
(2) Establishes and maintains a safety policy statement signed by the accountable executive.
(3) Ensures the safety policy statement is available to all employees and tenants.
(4) Identifies and communicates the safety organizational structure.
(5) Describes management responsibility and accountability for safety issues.
(6) Establishes and maintains safety objectives and the certificate holder's acceptable level of safety.
(7) Defines methods, processes, and organizational structure necessary to meet safety objectives.
(b) Safety Risk Management. Safety Risk Management processes and procedures for identifying hazards and their associated risks within airport operations and for changes to those operations covered by this part that at a minimum:
(1) Establish a system for identifying safety hazard.
(2) Establish a systematic process to analyze hazards and their associated risks by:
(i) Describing the system;
(ii) Identifying hazards;
(iii) Analyzing the risk of identified hazards and/or proposed mitigations;
(iv) Assessing the level of risk associated with identified hazards; and
(v) Mitigating the risks of identified hazards, when appropriate.
(3) Provide for regular assessment to ensure that safety objectives identified under paragraph (a)(6) of this section are being met.
(4) Establish and maintain records that document the certificate holder's Safety Risk Management processes.
(i) The records shall provide a means for airport management's acceptance of assessed risks and mitigations.
(ii) Records associated with the certificate holder's Safety Risk Management processes must be retained for the longer of:
(A) Thirty-six consecutive calendar months after the risk analysis of identified hazards under paragraph (b)(2)(iv) of this section has been completed; or
(B) Twelve consecutive calendar months after mitigations required under paragraph (b)(2)(v) of this section have been implemented.
(c) Safety Assurance. Safety Assurance processes and procedures to ensure mitigations developed through the certificate holder's Safety Risk Management processes and procedures are adequate, and the Airport's Safety Management System is functioning effectively and meeting the safety objectives established under paragraph (a)(6) of this section. Those processes and procedures must, at a minimum:
(1) Provide a means for monitoring safety performance.
(2) Establish and maintain a hazard reporting system that provides a means for reporter confidentiality.
(3) Report pertinent safety information and data on a regular basis to the accountable executive. Reportable data includes without limitation:
(i) Performance with safety objectives established under paragraph (a)(6) of this section;
(ii) Safety critical information distributed in accordance with paragraph (d)(2)(ii) of this section;
(iii) Status of ongoing mitigations required under the Airport's Safety Risk Management processes as described under paragraph (b)(2)(v) of this section; and
(iv) Status of a certificate holder's schedule for implementing the Airport Safety Management System as described under paragraph (b)(2) of this section.
(d) Safety Promotion. Safety Promotion processes and procedures to foster an airport operating environment that encourages safety. Those processes and procedures must, at a minimum:
(1) Provide formal safety training to each employee and tenant with access to airport areas regulated under this part that is appropriate to the individual's role.
(2) Maintain a record of all training by each individual under this section that includes, at a minimum, a description and date of training received. Such records must be retained for 24 consecutive calendar months after completion of training.
(3) Develop and maintain formal means for communicating important safety information that, at a minimum:
(i) Ensures that all personnel are aware of the SMS and their safety roles and responsibilities;
(ii) Conveys critical safety information;
(iii) Provides feedback to reporters using the airport's hazard reporting system required under § paragraph (c)(2) of this section; and
(iv) Disseminates safety lessons learned to relevant personnel or other stakeholders.
(4) Maintain records of communications required under this section for 12 consecutive calendar months.
(a) Each certificate holder required to develop and maintain an Airport Safety Management System under this subpart must submit an implementation plan on or before:
(1) [6 months after effective date of final rule] for Class I airports.
(2) [9 months after effective date of final rule] for Class II, III, and IV airports.
(b) An implementation plan must provide:
(1) A proposal on how the certificate holder will meet the requirements prescribed in this subpart; and
(2) A schedule for implementing SMS components and elements prescribed in § 139.402.
(d) Each certificate holder must submit its amended Airport Certification Manual and Airport Safety Management System Manual, if applicable, to the FAA for approval in accordance with its implementation plan but not later than:
(1) [18 months after effective date of final rule] for Class I airports.
(2) [24 months after effective date of final rule] for Class II, III, and IV airports.
Issued in Washington, DC, on September 30, 2010.
Michael J. O'Donnell,
Director, Office of Airport Safety and Standards.
BILLING CODE 4910-13-P
[FR Doc. 2010-25338 Filed 10-6-10; 8:45 am]
BILLING CODE 4910-13-P